Privacy Impact Assessment: Comparing Methodologies with a Focus on Practicality

Authors: Tamas Bisztray and Nils Gruschka
Privacy and data protection have become more and more important in recent years since an increasing number of enterprises and startups are harvesting personal data as a part of their business model. One central requirement of the GDPR is the implementation of a data protection impact assessment for privacy-critical systems. However, the law does not dictate a special assessment method.
Privacy Technologies and Policy: 8th Annual Privacy Forum, APF 2020, Lisbon, Portugal, October 22–23, 2020, Proceedings
A specialized methodological framework for carrying out a Data Protection Impact Assessment (DPIA) is proposed to enable controllers to assess and prevent ex ante the risk to the right to non-discrimination as one of the key fundamental rights that GDPR aims to safeguard.
Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform
This is the first paper, according to the best of the authors’ knowledge, to provide software requirements for a GDPR compliance platform, including multiple perspectives.
Data Protection Impact Assessment in Identity Management With a Focus on Biometrics
Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General
Operationalization of Privacy and Security Requirements for eHealth IoT Applications in the Context of GDPR and CSL
The Fourth Industrial Revolution imposes a number of unprecedented societal challenges and these are increasingly being addressed through regulation. This, in turn, lays the burden to adopt and
Threat and Risk Management Framework for eHealth IoT Applications
A new threat and risk management (TRM) framework will be provided, based on STRIDE and LINDDUN methodologies, and it will overcome existing limitations by employing components on feature space modelling, risk-driven scoring, configuration decision support, and regulatory compliance.


Evaluating privacy impact assessments
Privacy impact assessments (PIAs) are emerging as an important privacy management tool for public and private sector organizations. However, a key concern of PIA policy and practice is the lack of
Engineering privacy by design: lessons from the design and implementation of an identity wallet platform
The paradigm of Privacy-by-Design (PbD) has become more important nowadays, which has also become a regulatory requirement by the EU General Data Protection Regulation (GDPR), which came into force in May 2018.
A Comparative Analysis of Privacy Impact Assessment in Six Countries
The European Commission is revising the EU’s data protection framework. One of the changes concerns privacy impact assessment (PIA). This paper argues that the European Commission and the EU Member
Alibaba’s Jack Ma says he is ‘worried’ Europe will stifle innovation with too much tech regulation | South China Morning Post (May 2019)
  • 2019
Google fined EUR 50 million in France for GDPR violation (Jan 2019)
  • 2019
The open source PIA software helps to carry out data protection impact assessment
  • 2019
Informatique et des Libertés: Analyse d'impact relative à la protection des données : publication d'une liste des traitements pour lesquels une analyse est requise
  • 2018
Recommendations for a privacy impact assessment framework for the European Union (2012), https://
  • final.pdf
  • 2018
Article 29 Working Party: Guidelines on Data Protection Impact Assessment (DPIA
  • 2017